Cybersecurity

New SparkKitty malware targets crypto wallets

A new Trojan dubbed SparkKitty is stealing sensitive data from mobile phones, potentially giving hackers access to cryptocurrency wallets.

Cybersecurity firm Kaspersky says the malware hides in fake crypto apps, gambling platforms, and TikTok clones, spread through deceptive installs.

Once installed, SparkKitty accesses photo galleries and uploads images to a remote server, likely searching for screenshots of wallet seed phrases. Though mainly active in China and Southeast Asia, experts warn it could spread globally.

SparkKitty appears linked to the SparkCat spyware campaign, which also targeted seed phrase images.

The malware is found on iOS and Android platforms, joining other crypto-focused threats like Noodlophile and LummaC2.

TRM Labs recently reported that nearly 70% of last year’s $2.2 billion in stolen crypto came from infrastructure attacks involving seed phrase theft.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI governance efforts centre on human rights

At the Internet Governance Forum 2025 in Lillestrøm, Norway, a key session spotlighted the launch of the Freedom Online Coalition’s (FOC) updated Joint Statement on Artificial Intelligence and Human Rights. Backed by 21 countries and counting, the statement outlines a vision for human-centric AI governance rooted in international human rights law.

Representatives from governments, civil society, and the tech industry—most notably the Netherlands, Germany, Ghana, Estonia, and Microsoft—gathered to emphasise the urgent need for a collective, multistakeholder approach to tackle the real and present risks AI poses to rights such as privacy, freedom of expression, and democratic participation.

Ambassador Ernst Noorman of the Netherlands warned that human rights and security must be viewed as interconnected, stressing that unregulated AI use can destabilise societies rather than protect them. His remarks echoed the Netherlands’ own hard lessons from biassed welfare algorithms.

Other panellists, including Germany’s Cyber Ambassador Maria Adebahr, underlined how AI is being weaponised for transnational repression and emphasised Germany’s commitment by doubling funding for the FOC. Ghana’s cybersecurity chief, Divine Salese Agbeti, added that AI misuse is not exclusive to governments—citizens, too, have exploited the technology for manipulation and deception.

From the private sector, Microsoft’s Dr Erika Moret showcased the company’s multi-layered approach to embedding human rights in AI, from ethical design and impact assessments to rejecting high-risk applications like facial recognition in authoritarian contexts. She stressed the company’s alignment with UN guiding principles and the need for transparency, fairness, and inclusivity.

The discussion also highlighted binding global frameworks like the EU AI Act and the Council of Europe’s Framework Convention, calling for their widespread adoption as vital tools in managing AI’s global impact. The session concluded with a shared call to action: governments must use regulatory tools and procurement power to enforce human rights standards in AI, while the private sector and civil society must push for accountability and inclusion.

The FOC’s statement remains open for new endorsements, standing as a foundational text in the ongoing effort to align the future of AI with the fundamental rights of all people.

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.

AI data risks prompt new global cybersecurity guidance

A coalition of cybersecurity agencies, including the NSA, FBI, and CISA, has issued joint guidance to help organisations protect AI systems from emerging data security threats. The guidance explains how AI systems can be compromised by data supply chain flaws, poisoning, and drift.

Organisations are urged to adopt security measures throughout all four phases of the AI life cycle: planning, data collection, model building, and operational monitoring.

The recommendations include verifying third-party datasets, using secure ingestion protocols, and regularly auditing AI system behaviour. Particular emphasis is placed on preventing model poisoning and tracking data lineage to ensure integrity.

The guidance encourages firms to update their incident response plans to address AI-specific risks, conduct audits of ongoing projects, and establish cross-functional teams involving legal, cybersecurity, and data science experts.

With AI models increasingly central to critical infrastructure, treating data security as a core governance issue is essential.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

NATO summit overshadowed by cyber threats

NATO’s 76th summit opened in The Hague amid rising tensions in Europe and the Middle East, overshadowed by conflict and cyber threats. Leaders gathered as rushers in Ukraine dragged on, and Israel’s strikes on Iran further strained global stability.

European NATO members pledged greater defence spending, but divisions with the US over security commitments and strategy persisted. The summit also highlighted concerns about hybrid threats, with cyberespionage and sabotage by Russia-linked groups remaining a pressing issue.

According to European intelligence agencies, Russian cyber operations targeting critical infrastructure and government networks have intensified. NATO leaders face pressure to enhance collective cyber deterrence, with pro-Russian hacktivists expected to exploit summit declarations in future campaigns.

While Europe pushes to reduce reliance on the US security umbrella, uncertainty over Washington’s focus and support continues. Many fear the summit may end without concrete decisions as the alliance grapples with external threats and internal discord.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Salt Typhoon exploits critical Cisco flaw to breach Canadian network

Canadian and US authorities have attributed a cyberattack on a Canadian telecommunications provider to state-sponsored actors allegedly linked to China. The attack exploited a critical vulnerability that had been patched 16 months earlier.

According to a statement issued on Monday by Canada’s Communications Security Establishment (CSE), the breach is attributed to a threat group known as Salt Typhoon, believed to be operating on behalf of the Chinese government.

‘The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies,’ the CSE stated, adding that Salt Typhoon was ‘almost certainly’ responsible. The US FBI released a similar advisory.

Salt Typhoon is one of several threat actors associated with the People’s Republic of China (PRC), with a history of conducting cyber operations against telecommunications and infrastructure targets globally.

In late 2023, security researchers disclosed that over 10,000 Cisco devices had been compromised by exploiting CVE-2023-20198—a vulnerability rated 10/10 in severity.

The exploit targeted Cisco devices running iOS XE software with HTTP or HTTPS services enabled. Despite Cisco releasing a patch in October 2023, the vulnerability remained unaddressed in some systems.

In mid-February 2025, three network devices operated by an unnamed Canadian telecom company were compromised, with attackers retrieving configuration files and modifying at least one to create a GRE tunnel—allowing network traffic to be captured.

Cisco has also linked Salt Typhoon to a broader campaign using multiple patched vulnerabilities, including CVE-2018-0171, CVE-2023-20273, and CVE-2024-20399.

The Cyber Centre noted that the compromise could allow unauthorised access to internal network data or serve as a foothold to breach additional targets. Officials also stated that some activity may have been limited to reconnaissance.

While neither agency commented on why the affected devices had not been updated, the prolonged delay in patching such a high-severity flaw highlights ongoing challenges in maintaining basic cyber hygiene.

The authorities in Canada warned that similar espionage operations are likely to continue targeting the telecom sector and associated clients over the next two years.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

NCSC issues new guidance for EU cybersecurity rules

The National Cyber Security Centre (NCSC) has published new guidance to assist organisations in meeting the upcoming EU Network and Information Security Directive (NIS2) requirements.

Ireland missed the October 2024 deadline but is expected to adopt the directive soon.

NIS2 broadens the scope of covered sectors and introduces stricter cybersecurity obligations, including heavier fines and legal consequences for non-compliance. The directive aims to improve security across supply chains in both the public and private sectors.

To help businesses comply, the NCSC unveiled Risk Management Measures. It also launched Cyber Fundamentals, a practical framework designed for organisations of varying sizes and risk levels.

Joseph Stephens, NCSC’s Director of Resilience, noted the challenge of broad application and praised cooperation with Belgium and Romania on a solution for the EU.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Protecting the vulnerable online: Global lawmakers push for new digital safety standards

At the 2025 Internet Governance Forum in Lillestrøm, Norway, a parliamentary session titled ‘Click with Care: Protecting Vulnerable Groups Online’ gathered lawmakers, regulators, and digital rights experts from around the world to confront the urgent issue of online harm targeting marginalised communities. Speakers from Uganda, the Philippines, Malaysia, Pakistan, the Netherlands, Portugal, and Kenya shared insights on how current laws often fall short, especially in the Global South where women, children, and LGBTQ+ groups face disproportionate digital threats.

Research presented showed alarming trends—one in three African women experience online abuse, often with no support or recourse, and platforms’ moderation systems are frequently inadequate, slow, or biassed in favor of users from the Global North.

The session exposed critical gaps in enforcement and accountability, particularly regarding large platforms like Meta and Google, which frequently resist compliance with national regulations. Malaysian Deputy Minister Teo Nie Ching and others emphasised that individual countries struggle to hold tech giants accountable, leading to calls for stronger regional blocs and international cooperation.

Meanwhile, Philippine lawmaker Raoul Manuel highlighted legislative progress, including extraterritorial jurisdiction for child exploitation and expanded definitions of online violence, though enforcement remains patchy. In Pakistan, Nighat Dad raised the alarm over AI-generated deepfakes and the burden placed on victims to monitor and report their own abuse.

Panellists also stressed that simply taking down harmful content isn’t enough. They called for systemic platform reform, including greater algorithm transparency, meaningful reporting tools, and design changes that prevent harm before it occurs.

Behavioural economist Sandra Maximiano introduced the concept of ‘nudging’ safer user behavior through design interventions that account for human cognitive biases—approaches that could complement legal strategies by embedding protection into the architecture of online spaces.

Why does it matter?

A powerful takeaway from the session was the consensus that online safety must be treated as both a technological and human challenge. Participants agreed that coordinated global responses, inclusive policymaking, and engagement with community structures are essential to making the internet a safer place—particularly for those who need protection the most.

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.

WhatsApp prohibited on US House devices citing data risk

Meta Platforms’ messaging service WhatsApp has been banned from all devices used by the US House of Representatives, according to an internal memo distributed to staff on Monday.

The memo, issued by the Office of the Chief Administrative Officer, stated that the Office of Cybersecurity had classified WhatsApp as a high-risk application.

The assessment cited concerns about the platform’s data protection practices, lack of transparency regarding user data handling, absence of stored data encryption, and associated security risks.

Staff were advised to use alternative messaging platforms deemed more secure, including Microsoft Teams, Amazon’s Wickr, Signal, and Apple’s iMessage and FaceTime.

Meta responded to the decision, stating it ‘strongly disagreed’ with the assessment and maintained that WhatsApp offers stronger security measures than some of the recommended alternatives.

Earlier this year, WhatsApp disclosed that Israeli spyware company Paragon Solutions had targeted numerous users, including journalists and civil society members.

The US House of Representatives has previously restricted other applications due to security concerns. In 2022, it prohibited the use of TikTok on official devices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

McLaren Health Care confirms major ransomware attack and data breach

McLaren Health Care in Michigan has begun notifying over 743,000 individuals that their personal and health data may have been compromised in a ransomware attack in August 2024.

The health system confirmed that unauthorised access to its systems began on 17 July and continued until 3 August 2024, affecting McLaren Health Care and its Karmanos Cancer Centers.

A forensic investigation concluded on 5 May 2025 revealed that files containing names, Social Security numbers, driver’s licence details, medical information, and insurance data were accessed.

Notification letters began going out on 20 June 2025, and recipients are being offered 12 months of complimentary credit monitoring and identity theft protection.

Although the incident has not been officially attributed to a specific ransomware group, industry reports have previously linked the attack to the Inc. Ransom group. However, McLaren Health Care has not confirmed this, and the group has not publicly listed McLaren on its leak site.

However, this is McLaren’s second ransomware incident within a year. A previous attack by the ALPHV/BlackCat group compromised the data of more than 2.1 million individuals.

Following the August 2024 attack, McLaren Health Care restored its IT systems ahead of schedule and resumed normal operations, including reopening emergency departments and rescheduling postponed appointments and surgeries.

However, data collected manually during the outage is still being integrated into the electronic health record (EHR) system, a process expected to take several weeks.

McLaren Health Care has stated that it continues to investigate the full scope of the breach and will issue further notifications if additional data exposures are identified. The organisation works with external cybersecurity experts to strengthen its systems and prevent future incidents.

The attack caused disruptions across all 13 hospitals in the McLaren system and affiliated cancer centres, surgery centres, and clinics. While systems have been restored, McLaren has encouraged patients to remain prepared by bringing essential documents and information to appointments.

The health system expressed appreciation for its staff’s efforts and patients’ patience during the response and recovery efforts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cloudflare blocks the largest DDoS attack in internet history

Cloudflare has blocked what it describes as the largest distributed denial-of-service (DDoS) attack ever recorded after nearly 38 terabytes of data were unleashed in just 45 seconds.

The onslaught generated a peak traffic rate of 7.3 terabits per second and targeted nearly 22,000 destination ports on a single IP address managed by an undisclosed hosting provider.

Instead of relying on a mix of tactics, the attackers primarily used UDP packet floods, which accounted for almost all attacks. A small fraction employed outdated diagnostic tools and methods such as reflection and amplification to intensify the network overload.

These techniques exploit how some systems automatically respond to ping requests, causing massive data feedback loops when scaled.

Originating from 161 countries, the attack saw nearly half its traffic come from IPs in Brazil and Vietnam, with the remainder traced to Taiwan, China, Indonesia, and the US.

Despite appearing globally orchestrated, most traffic came from compromised devices—often everyday items infected with malware and turned into bots without their owners’ knowledge.

To manage the unprecedented data surge, Cloudflare used a decentralised approach. Traffic was rerouted to data centres close to its origin, while advanced detection systems identified and blocked harmful packets without disturbing legitimate data flows.

The incident highlights the scale of modern cyberattacks and the growing sophistication of defences needed to stop them.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.